CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
authorRalph Boehme <slow@samba.org>
Thu, 15 Feb 2018 13:40:59 +0000 (14:40 +0100)
committerKarolin Seeger <kseeger@samba.org>
Tue, 13 Mar 2018 09:25:39 +0000 (10:25 +0100)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source4/dsdb/samdb/ldb_modules/password_hash.c

index ceb0a4f2257c853b3a707070f8c940a6ee5d3b93..e8af7e81c190fcd22eb478d3bfa005786a4a2ecd 100644 (file)
@@ -4235,6 +4235,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
 
                while ((passwordAttr = ldb_msg_find_element(msg, *l)) != NULL) {
                        unsigned int mtype = LDB_FLAG_MOD_TYPE(passwordAttr->flags);
+                       unsigned int nvalues = passwordAttr->num_values;
 
                        if (mtype == LDB_FLAG_MOD_DELETE) {
                                ++del_attr_cnt;
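Review bot: The new `nvalues` local is a per-iteration snapshot of `passwordAttr->num_values` but is declared mutable, so a later edit in this loop could reassign it and silently desynchronise the value-count checks from the element they describe. Declaring it as `const unsigned int nvalues = passwordAttr->num_values;` would let the compiler enforce that. The same applies to `mtype` on the line above. The loop body continues outside this hunk, so the remaining uses of `passwordAttr->num_values`, if any, are not visible here.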
@@ -4245,18 +4246,14 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
                        if (mtype == LDB_FLAG_MOD_REPLACE) {
                                ++rep_attr_cnt;
                        }
-                       if ((passwordAttr->num_values != 1) &&
-                           (mtype == LDB_FLAG_MOD_ADD))
-                       {
+                       if ((nvalues != 1) && (mtype == LDB_FLAG_MOD_ADD)) {
                                talloc_free(ac);
                                ldb_asprintf_errstring(ldb,
                                                       "'%s' attribute must have exactly one value on add operations!",
                                                       *l);
                                return LDB_ERR_CONSTRAINT_VIOLATION;
                        }
-                       if ((passwordAttr->num_values > 1) &&
-                           (mtype == LDB_FLAG_MOD_DELETE))
-                       {
+                       if ((nvalues > 1) && (mtype == LDB_FLAG_MOD_DELETE)) {
                                talloc_free(ac);
                                ldb_asprintf_errstring(ldb,
                                                       "'%s' attribute must have zero or one value(s) on delete operations!",
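Review bot: The value-count guards in this hunk cover only `LDB_FLAG_MOD_ADD` (exactly one value) and `LDB_FLAG_MOD_DELETE` (zero or one); an element with `LDB_FLAG_MOD_REPLACE` only increments `rep_attr_cnt`, and its `nvalues` is not checked in the visible lines. Since this is the request-validation path for password attributes, the intended rule for replace should be stated here rather than left implicit. If replace is validated later in `password_hash_modify`, a comment above the two guards such as `/* replace: value count is checked in <function name>, not here */` would document that. If it is not, a guard for replace that returns `LDB_ERR_CONSTRAINT_VIOLATION` in the same shape as the two above belongs next to them. The delete guard's `ldb_asprintf_errstring` call and the rest of the loop run past the end of this hunk, so this cannot be confirmed from the lines shown.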